Security News > 2021 > April > Update Your Chrome Browser ASAP to Patch a Week Old Public Exploit
Google on Tuesday released an update for Chrome web browser for Windows, Mac, and Linux, with a total of seven security fixes, including one flaw for which it says an exploit exists in the wild.
The update comes after proof-of-concept code exploiting the flaw published by a researcher named "Frust" emerged on April 14 by taking advantage of the fact that the issue was addressed in the V8 source code, but the patch was not integrated into the Chromium codebase and all the browsers that rely on it, such as Chrome, Microsoft Edge, Brave, Vivaldi, and Opera.
The one-week patch gap meant the browsers were vulnerable to attacks until the patches posted in the open-source code repository were released as a stable update.
It's worth noting that Google halved the median "Patch gap" from 33 days in Chrome 76 to 15 days in Chrome 78, which was released in October 2019, thereby pushing severe security fixes every two weeks.
The latest set of fixes also arrive close on the heels of an update the search giant rolled out last week with patches for two security vulnerabilities CVE-2021-21206 and CVE-2021-21220, the latter of which was demonstrated at the Pwn2Own 2021 hacking contest earlier this month.
Users can update to the latest version by heading to Settings > Help > About Google Chrome to mitigate the risk associated with the flaws.
News URL
Related news
- Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions (source)
- New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) (source)
- Qilin ransomware now steals credentials from Chrome browsers (source)
- Russian APT29 hackers use iOS, Chrome exploits created by spyware vendors (source)
- Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites (source)
- Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack (source)
- North Korean hackers exploit Chrome zero-day to deploy rootkit (source)
- North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit (source)
- September 2024 Patch Tuesday forecast: Downgrade is the new exploit (source)
- Exploit code released for critical Ivanti RCE flaw, patch now (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-26 | CVE-2021-21206 | Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-04-26 | CVE-2021-21220 | Out-of-bounds Write vulnerability in multiple products Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |